Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add more details to the output #42

Closed
tschmidtb51 opened this issue Jan 29, 2022 · 9 comments
Closed

Add more details to the output #42

tschmidtb51 opened this issue Jan 29, 2022 · 9 comments
Assignees
@JanHoefelmeyer
Labels
csaf_checker

Comments

@tschmidtb51
Copy link
Collaborator

tschmidtb51 commented Jan 29, 2022
edited
Loading

From a user's perspective, it would be beneficial to have more details (or at least an option for it) in the output. It should include:

  • Information from the publisher object
  • role
  • Path of the provider-metadata.json found as link
  • whether the provider-metadata.json is valid
  • Path of the security.txt tested/found
  • whether ROLIE feeds exist, where and whether they are valid
@tschmidtb51
Copy link
Collaborator Author

One should also be able to provide a TLS client certificate to use for the TLP:AMBER and TLP:RED feeds.

@bernhardreiter bernhardreiter mentioned this issue Jan 31, 2022
Closed
@bernhardreiter
Copy link
Collaborator

Moved the client certificate part to #46.

@JanHoefelmeyer JanHoefelmeyer self-assigned this Jun 14, 2022
@JanHoefelmeyer
Copy link
Collaborator

Talked to @bernhardreiter, tested version: 0.9.2-10-g006f088
Tested output.

Unclear what "role" means.
No information from the publisher object present.
For provider-metadata.json, only info provided was whether it was found.
For security.txt, no path was provided.
No ROLIE feed information was provided.

Then, tried out the verbose option:
Now additional information was written into the log above the standard output:
Location of security.txt and provider-metadata.json:
2022/06/14 12:38:01 [GET]: https://localhost/.well-known/security.txt
2022/06/14 12:38:01 [GET]: https://localhost/.well-known/csaf/provider-metadata.json

No information about the other points.
Should the information about these files (as well as the other still missing information) be moved into the standard output or stay within the verbose option?

@JanHoefelmeyer JanHoefelmeyer mentioned this issue Jun 14, 2022
Closed
@JanHoefelmeyer
Copy link
Collaborator

Opened a new issue #184 for the ROLIE feed part of the issue.

@bernhardreiter
Copy link
Collaborator

The output for check 9 related to the validity of the used provider-metadata.json and --verbose shows the URLs for all access attempts.

@tschmidtb51 Do you agree that this is enough for paths and validity for the provider-metadata.json?

@tschmidtb51
Copy link
Collaborator Author

Let's discuss this on Friday.

@bernhardreiter
Copy link
Collaborator

Wished for is to print the publisher and role object values from the provider-metadata.json that is used. (Acceptable would be to have this as diagnostic output on the command line behind --verbose. )

And give out the path of the provider-metadata.json that is used.

@tschmidtb51
Copy link
Collaborator Author

If it is integrated into the standard output, I suggest the following location in the json:

{
  "domains": [
    {    
      "name": "any.domain.name.example",
      "publisher": {
         // Publisher details here
       },
       "role": "csaf_provider",
       "requirements": [
          // Test results here
        ]
    }
  ]
}

This was referenced Jul 18, 2022
Merged
Open
@s-l-teichmann
Copy link
Collaborator

I think, PR #238 has solved this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JanHoefelmeyer JanHoefelmeyer

Labels
csaf_checker
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@s-l-teichmann @bernhardreiter @tschmidtb51 @JanHoefelmeyer